Posted
by
timothy
on Tuesday October 12, 2010 @10:00PM
from the please-report-to-your-cubbyhole dept.

hankwang writes "The Dutch telecommunications authority OPTA has announced that Dutch hotels must register as internet providers (original version, in Dutch) because that is what they formally are, according to Dutch laws. It is well possible that once hotels are officially internet providers, they will also have to abide by the European regulations on data retention and make efforts to link email headers and other data traffic to individual hotel guests. Could this also happen in other European countries? This is probably not likely to lead to a more widespread adoption of free WiFi services in hotels."

The OPTA has said that they are not sure yet if the hotels are ISP's. They are still investigating this and I think that is the reason they have send some letters out. In order to get a trial so it will become clear what an ISP is. In the Netherlands everyone who offers public access to internet or other telecomservices has to deal with the OPTA. It's also the organisation that puts fines on spamming etc. Our telecom watchhound in short.

I'm sure the hotels could fight the ruling. They have many things going for them such as....they're a hotel damnit. How fucking stupid is this? I assume no other ISP in the country provides living quarters and a complimentary breakfast bar. Not to mention the internet service does not originate with them. They are simply a bulk account of the TRUE ISP. I thought they only dreamed up stupid shit like that in the USA.

What about all the other places that provide some form of WIFI? Cafe's? Libraries? Surely a cafe owner doesn't have to go through the same messing about that an ISP would? How would they afford all the tech know-how to be able to keep logs and bits of everyone who wanders into their business and asks for a latte while holding a laptop?

"Dutch Hotels Must Register As ISPs" is wrong (they do not) and should read "Dutch OPTA sues Hotels for being an ISP".It is the OPTA that is test-trialing 10 large hotels to find out (by ruling) whether they are (or not are) ISP's.

Stick to the persnicketiness of the law. Hotels simply need to say they are not providing internet services their ISP is providing internet services via remote hardware. So it simply means ISPs need to slightly alter their provision of services to hotels. Perhaps a remote monitored and controlled router at Hotels.

Of course everyone knows what it is all about, monitoring the populaces use of internet services, can't have naughty executives, holiday makers and foreigners looking at stuff they shouldn't be

And now when there are protocols like SMTPS and also TLS on SMTP as well as IMAPS and POP3S the loggings will only provide information that a certain IP was connected to a specific mail server and no indication at all of what the mail headers were.

Those of us working in tech also knows that the precision of the logs may not be the best. Clocks between servers may drift unless NTP is used (and not everyone configures that), logging info for DHCP may be incomplete, and many network cards offers the ability to

What about all the other places that provide some form of WIFI? Cafe's? Libraries? Surely a cafe owner doesn't have to go through the same messing about that an ISP would?

Maybe that is exactly what they are after. Proper ISPs are already required to retain a bunch of info and data about their clients so that internet wiretaps can be traced back to individual subscribers. But what use is that if any criminal can grab a netbook and wander into a hotel or bar to go online anonymously? My guess is that if

Oh, they call it something else ("huisbezoek", lit. "house call"), but in many cases people weren't given the opportunity to refuse entry. In some cases where the officials found the occupant absent a few times, they took a crowbar to the door. If such searches are sanctioned by the mayor, I say that he is issuing search warrants, no matter which flowery language they use to dress it up. It is just one of those many cases where the police or prosecutor's office use a method that is not strictly legal yet

Sure they can... and I think that is what the OPTA wants. Normally this organization is very in favor of consumers etc. Nothing bad to say about them really. So that's why I think the OPTA noticed a flaw in the law and wants to hear a court ruling about it. Not to 'punish' the hotels. I really believe they just want to know for sure what an ISP is for the Dutch law. Looking forward to see this evolve though. Could go either way.

> They also read it/search it, forward it to human analysts based on triggers, save it...perhaps for eternity etc..> Granted, it's not the ISP's doing that but other three-letter organizations.

To answer your question a bit more:

AFAIK, (E-Mail) Providers are forced to save the sender, his login ID and log-on/log-off times, recipients - including CC's and BCC's (both directions), subject line, dates/times of sent and received mail etc.. B

If you want to protect yourself, you need, as mentioned, a separate e-mail provider, preferably in a country without such crap. Then your ISP can't log anything because all they see is SSL traffic.

What about running your own mail server? I always wanted to do that anyway.

The only problem then is of course that SMTP traffic is unencrypted. Or is it? It would make sense if that also had an encrypted as well as an unencrypted version. But even then I can't force people who mail me to use the encrypted version.

> What about running your own mail server? I always wanted to do that anyway.

By all means...go for it. It gives you full control. Of course, you also need to set it up and maintain it to some extent (unless you have somebody do it for you) and, if you lease a server somewhere, pay accordingly. It's not that much though. Ditto for DNS.

> The only problem then is of course that SMTP traffic is unencrypted. Or is it?

The definite answer is: it depends:-)You can set the MTA up to negotiate the connection s

> It still surprises me that GPG/PGP is still not a standard feature of all mail readers. It seems so obvious.

Tell me about it:-)Don't let that hinder you though. For pretty much every MUA some Form of GPG-support is available. Like Thunderbird - Enigmail, Outlook - GPG4Win etc.. Cool MUA's, like Evolution, Kmail etc. have it built-in.Worst case scenario is to use GPG via the Clipboard. So you write your e-mail in some editor of your choice, then highlight everything/copy to clipboard and then do the GP

In this case it is irrelevantwhere it originates. All we need to know is that someone else is providing the signal (idk RF what ever)to the hotel. Any sane court or politician can see that they are paying another comppany to provide them with a service that they make available to their customers. You have to prove that the hotel generates the signal without the help of another entity.

The Internet originates with the Tier 1 providers. The value originates with the edge. You are confusing the two.

That is why I said, define it and tell me where it originates.

Oh I know. You were being a jackass asking a question with the intention of attacking any answer that didn't agree with your opinion because you think your opinion is more valid than any others. I just played the game because your opinion happens to be wrong in this case. If every non-Tier 1 were closed, the Internet would st

This is probably not likely to lead to a more widespread adoption of free WiFi services in hotels.

Now, since when is it in the core competence of a hotel to provide IT services?

Never.

Sure, have it available, provide it as a service to guests, but the hotels themselves don't offer the service, they outsource. Just like they do with the water, telephones, power, and everything else. If you actually LOOK at the default home page that your average hotel provides, you'll find a logo in the corner someplace indicating who the real service provider is. Hint: it's never the hotel unless it's some ratty shathole where the owner tries to save a few bucks by buying a couple of routers at the local Best Buy and sneaking a consumer DSL line.

In any real sense, this will have almost no effect on hotels with 3 or more stars. It might have some impact on the cheap independents.

I stayed at a hotel that provided Wifi in an ingenious manner: They put an access point with a directional antenna on a pole about 100 feet from the building, pointing at all the guest room windows. Another similar pole was on the other side.

The result? All the guest rooms were covered by two access points. This was the most reliable hotel WiFi I've ever used, as pretty much every room had line of sight to the access point, and the "portal page" was just an "I agree to the terms and conditions" and went thr

You are spot on, of course.Its not even a fringe competency, any more than stocking the mini-bar makes them competent bar tenders.

The problem here is that hotels, especially those with wifi have no method of determining which room is actually talking on a wifi router at any given time, without issuing individual passwords for each user, perhaps each device. Big chains may have that, but most small ones hang a router on each floor and call it good.

And I would add that I don't know if it is the same there, here in the USA we get a choice of "corporate ass kissing big brother loving rich asshole" A or B, so voting on anything more than the local level has pretty much become a joke. Hell they don't even pretend to give a shit about the average folks anymore, see the crazy DMCA and copyright laws or the repubs standing up and demanding continued tax breaks for the top 3%, which have been making out like bandits for ages. News flash for those repubs that

The problem here is that hotels, especially those with wifi have no method of determining which room is actually talking on a wifi router at any given time, without issuing individual passwords for each user, perhaps each device. Big chains may have that, but most small ones hang a router on each floor and call it good.

Actually, some hotels do issue passwords, in the form of having to enter your username (room number) and password (last name of guest in that room) before allowing access.

LOOK at the default home page that your average hotel provides, you'll find a logo in the corner someplace indicating who the real service provider is. Hint: it's never the hotel unless it's some ratty shathole

I think that you've summed it up. The purpose for any of this comes down to the government wanting more. In this case, I think it's the government wanting more control of personal data. Of course, it could just be for more money in the way of an ISP fee. IMHO, the government should stay out of such things entirely.

Someone, not mentioned explicitely in the article, complained to the OPTA, saying that hotels should be considered ISPs. OPTA considered the wording of the laws they are enforcing and said ' yeah, they might be right ' and has now summoned a few hotels to register as ISP's, to see where this leads.

Obviously, the law is poorly worded and this is a side effect nobody foresaw or intended. This will be probably be fixed, if even necessary.

Please stop with all the efforts to make every little hickup in the law system armaggedon for freedom, please. It's cheap and sensationalist.

Hmm, the Netherlands, UK, Denmark, North Korea, Swaziland, Lesotho and a few other coconut states are dictorships with medieval style kings/queens. There may be elections once in a while, but that is just for show...

Hmm, the Netherlands, UK, Denmark, North Korea, Swaziland, Lesotho and a few other coconut states are dictorships with medieval style kings/queens. There may be elections once in a while, but that is just for show...

You have no clue.... seriously. That is complete and utter bullshit what you are saying there. How do I know? I live in the Netherlands. Dictatorship... lol:')

I believe that the parent made a joke.

Joke:# a humorous anecdote or remark intended to provoke laughter; "he told a very funny joke"; "he knows a million gags"; "thanks for the laugh"; "he laughed unpleasantly at his own jest"; "even a schoolboy's jape is supposed to have some ascertainable point"# jest: activity characterized by good humor# tell a joke; speak humorously; "He often jokes even when he appears serious"# antic: a ludicrous or grotesque act done for fun and amusement# act in a funny or teasing

Anytime you deal with people, any societal superstructure such as a country, will have downsides and upsides. Europe has never respected freedom of speech to the level the US does, otoh, they are better in healthcare and the like, imo.

As with anything, it depends what you want in life. Some days, I'd like to move to Antarctica.

Anyone joining the EU is signing off their freedom... Here in Finland, we're not even allowed to have parks with certain wooden-fabrics due to EU regulations, so 5 parks in my home-town have been demolished! EU is nothing but a dictator.

I always thought these things were to ensure that companies get the same freedom (that is, they are restricted the same amount by government). If ISPs get lots of regulations, then it's only fair that hotels offering WiFi be burdened the same way. It's like when the school bully is only picking on some of the kids, and they argue that he should pick on everyone equally to be fairer.

I am not sure if they do the same in other EU countries, but in Denmark we just ignore the data retention regulation. It is common for apartments blocks to have their own intranet with shared internet essentially making them ISPs. When the regulation came out a few years ago there was a large panic on how to possibly abide by it. Fortunately all the large ISPs prepared the systems to do it, but never implemented them, the official stanze is: We are not going to implement these systems until forced to, and with no one else following the regulations, no one wants to be the first.

Because such regulation is costly. Whenever somebody (usually the local RIAA offices) asks them to provide the logs or comply with the law they say: sure we can, but we'll be out of business in 6 months unless you provide in the equipment. The RIAA doesn't want to provide in the equipment, they're already making a loss on their existing practices. The government doesn't want to provide in the equipment because that would either mean unpopular budget cuts elsewhere (like cutting their version of Medicare or

I am not sure if they do the same in other EU countries, but in Denmark we just ignore the data retention regulation.

The data retention regulation wasn't encoded into law here in the UK either (the world-leader in defending [bbc.co.uk] personal [slashdot.org] privacy [bbc.co.uk]). Instead, it is my understanding that the major ISPs have a "gentleman's agreement" with the Home Office (similar to the one for our Internet censorship scheme [wikimedia.org]) whereby the Government agrees not to order them to retain data if they agree to retain it. As far as I know, most of the smaller service providers completely ignore it.

Mind that:Option 2 is already implemented. (and i refer to the old US health insurance: its horror when compared to how free countries support their citizens health)Option 1 is merely a "test trial" thrown against ten large hotels because OPTA has its job to do.

On this situation:I view this as a protest against a bad law on what makes someone an internet provider. Perhaps a chess move in something that doesn't aim to make Hotels an ISP, but to make it so actual ISP's can't hide behind the same walls (like h

I read this yesterday on nu.nl and I think it's completely ridiculous. The hotels (and my hospital I found out yesterday, and McDonalds and many many other places) can offer WiFi because they have a deal with a provider. Isn't that enough? I thought the Opta was there for the consumer but now I am not so sure anymore.

I read this yesterday on nu.nl and I think it's completely ridiculous.

Me too.

The hotels (and my hospital I found out yesterday, and McDonalds and many many other places) can offer WiFi because they have a deal with a provider. Isn't that enough?

(tongue-in-cheeck.. or only half-of? Not quite sure yetmyself, but I reckon that's the position of govs in the near future)No, it is definitely NOT enough: if you provide transport-service you are an ISP (you do provide some Internet service; nobody says somebody is an ISP if and only if only if it provides email or Web hosting on top of transport services).This means every person (organisation or not) that can act as a point-of-control-and-prevention will be, sonner or later, forced to assume all t

It depends on the contract you have with the provider. If I were a hotel or restaurant and I would want to offer WiFi services I would outsource all of it to a provider. I pay a monthly fee and let them install the hardware and make sure everything works, so that I can concentrate on my core business. Then if something happens to the WiFi it's the provider's problem, not mine. If Opta doesn't agree with that we take it to court.

If the ISP accepts the outsourcing and the full responsibility for what transits it's network(thus running a "point of presence" in the hotel), I imagine that what you suggest could work... but for sure the ISP's fees won't be small... it's like they'll expect the hotel to pay for N customers, N being the number of rooms even when the rooms are vacant (imagine a block of flats, each appartment having Internet. It doesn't matter for an ISP if the family in one apartment goes in vacation and the respective co

Hotels were also found to be cable TV providers, telephone service providers, cell phone service providers, water and electric utility providers, furnishing distributors, and food and beverage distributors and must meet all the requirements and responsibilities of each of those industries.

Very true news. But someone cannot track me back for the exact water I extracted out of a faucet at 11:00pm to swallow an Advil. Rather they knew water was consumed, perhaps, but not for what purpose. The internet is different because this is a two way flow of information. AC you have a valid point in saying why the legislation likely had ground due to those other industries.

But they could if they put in cameras and water meters on every tap, using networked devices to relay the data.

I guess they really could if they wanted...haha

Although this is unrelated to your argument (I understand your point), restaurants must meet an "average" and even then they are allowed some margin of error. No exacts in grilling a burger when one side of the burner is hotter...The veggie burger analogy, well give the exact ingredients, to measure calories if you are going to be a purest about science, we have to burn it.

Of course this makes sense. Didn't you realize that this is the same logic used to justify the long standing practice of classifying hotels as power, water, and sewage utilities, as well as TV broadcasters, farmers, ranchers, etc. What is the difference?

They are typically going to HTTPS to some webmail account. Good luck getting the headers out of that.

They will know that you connected to https://webmail.example.nl/ [example.nl] and can now go to that provider demanding the data. Not sure if they already are around of getting that data by default or are still working on that.

If the hotel has a NAT-ted network, what are they supposed to log?

It starts with the MAC adress, then also the remote IP and if possible the email address. This could mean that customers must get a

This particular one has free wireless, and there is no way to identify a particular system accessing the net to a room. In fact, without staying here I could still probably sit in the car park or hotel lobby and access the internet from there. There's even a PC in the lobby with anonymous access from it.

Granted it does use a "Hotspot" login page (just need to check a checkbox and click login), so I suppose that could be modified to have someone provide a room number or PIN etc...

Changing the way things work though will invariably be a pain though, especially if you need to access the Internet over the weekends and the authentication system breaks down or something else goes wrong... (as seems to be quite common with the systems in many hotels). Reception tend to look at you with rather blank faces when this happens, and it usually isn't fixed until a weekday.

The data retention system is never ever going to prevent any terrorism. Real dangerous terrorists would never communicate over the open Internet, and amateurs that might are not really dangerous; they are more likely to either blow themselves up by accident or be unable to manufacture even the simplest explosive that works.

For me, when I'm at a hotel I don't use tappable/monitorable e-mail. I'm either using secure IMAP to my own server, running a client on my home machine remotely via X11-over-SSH, or using my own WebMail server (or a Google one) via HTTPS with a check of the certificate. I assume that any time I'm on a "free wi-fi" network there may be proxy servers handling all unencrypted traffic (and potentially trying to MITM SSL traffic), so I avoid running anything across the network that I don't want the general publi

Hotels offer free wifi since guests demand it. If red tape turns up which turns them into an ISP I don't see it necessarily stopping them from offering wifi. Instead some enterprising company will sell an ISP in a box, which will be a glorified NAS / router with extra logging/audit trail.

Early drafts of the Digital Economy Bill would have had all ISPs liable for data retention and, more onerously, require they could identify individual subscribers in the event of complaints about "illegal" downloading. Inability to comply would have meant the ISP taking full liability for their users actions. This would have been the end of collective Internet provision in a whole range of settings (hotels, cafes, managed business premises,...) where the costs of compliance would outweigh the revenue genera

Hotels also supply customers with electricity, water and often tv over cable network. They dispose of their customers trash and relay messages left for their customers.
So they should have to register as power distributor, waterworks, cable network company, postal company and waste disposal contractor, right?

I have a Galaxy S, yesterday I had to give to my poor iPhone friend some internet by turning my Galaxy S into a wirless hub.That would make me an ISP.Does that mean I have to retain his emails for 8 years ?

The word "libertarian" comes from 19th century libertarian socialism, which was later called anarchism. It's a part of the socialist movement that rejected Marx's state socialism for being dictatorial and oppressive. They also rejected capitalist liberalism for creating privilege, injustice, and in the end also oppression.

I honestly think we should take another look at anarchism/libertarian socialism.

I'm amazed how little your comment resembles reality. Libertarians, and also the TEA party crowd (though they are not exactly the same) favor a smaller government all the way around. Sure, there are some who, for instance, hate recreational drug use. However, as they favor less government, they don't want the government to restrict it. On the other hand, on the left leaning side, some might not like people to have firearms, and yet they also don't want government regulation there.

I'm amazed how little your comment resembles reality. Libertarians, and also the TEA party crowd (though they are not exactly the same) favor a smaller government all the way around. Sure, there are some who, for instance, hate recreational drug use. However, as they favor less government, they don't want the government to restrict it. On the other hand, on the left leaning side, some might not like people to have firearms, and yet they also don't want government regulation there.

The Libertairians and the TEA party voters don't agree on how to wield the mighty arm of the law, they agree that it should be weakened. They believe that instead these things should be decided on a state, or community level, but not on the national level. They certainly wouldn't push for the regulations you speak of, and controling communications is right out.

Now i'm not saying you in particular feel the need to push your viewpoint on others but there are plenty of Libertarians who do. They want to control the internet so that it fits their idea of morality. This has become the new meaning of Libertarianism. It's the opposite o

That's the crux of the thing, isn't it? People shout at the top of their voice how they are in favor of freedom, but when quizzed it turns it they want freedom so they can do whatever they damn well please, and the filthy gays/gun-nuts/pornographers/fundies/whatever can rot in hell.

And to get back to the article, we're talking the Netherlands, where the Freedom Party wants to ensure freedom by changing the first article of our constitution to explicitly state we're a Judeo-Christian nation and kicking all t

Seeing as how I've actually been to TEA party rallies and support Libertarian ideas, and have not come across a single example of a libertarian push for government control of anything, I must ask you to cite your sources.

Tea Party protests FOR government intervention to stop the rebulding of a mosque at ground zero.

Brooklyn Tea Party founder John Press, who rallied against the Ground Zero Mosque in recent weeks, again raised the spectre of foreign domination. "The Mosque is founded by a very scary people and the US Constitution does not guarantee the right of a foreign nation to build a mosque in our country," he said. It's unclear if Mr. Press had merely forgotten the First Amendment, but one member of his protest group did recall the constitutional barrier on government suppression of religion -- he just chose to ignore it.

Mark Williams, chairman of the Tea Party Express, blogged about the 13-story mosque and Islamic cultural center planned at Park Place and Broadway, calling it a monument to the 9/11 terrorists. "The monument would consist of a Mosque for the worship of the terrorists' monkey-god,"

In other words the Tea Party is nothing more than religious conservatives trying to control our lives. The Libertarian Party used to be run by Ron Paul who helped kick start the tea party movement. The two are clearly intrinsically linked.

Unfortunately, while he was probably just trolling, a lot of people genuinely believe that the TEAbaggers are either small-l or big-L libertarians. It's hard to say who has the worst marketing department between the Libertarian Party, the North Koreans, and NAMBLA.

For the record, here's how you tell the difference: the L/libertarians were the ones bitching about government overreach during the last administration. The Tea Partiers are the ones who were perfectly content until a President of the Wrong Colo

i dont think "Libertairians" think that devolving government to the local level is desirable they want a very small number of key competencies delivered by government (normaly things like defence) and I suspect that a real libertarian would do away with the individual "states" ability to do anything.

TEA party crowd (though they are not exactly the same) favor a smaller government all the way around. Sure, there are some who, for instance, hate recreational drug use. However, as they favor less government, they don't want the government to restrict it.

What Tea Party figurehead has come out against government restrictions on drugs? Has any speaker at any Tea Party event even brought this up?

No. The Tea Partiers are only against government restrictions on rich white christian folk.

The RIAA and MPAA, that's who. Just look at the wave of stringent content control laws that are on the rise... France already has its three strikes law and ISPs are expected to hand over tens of thousands of names a MONTH to them for suspected use of copyrighted contents. If hotels become considered ISPs, they too will be expected to become indentured servants of the almighty Righteous Inquisition of intellectual property, stripping away yet one more layer of rights from users.

It just seems that the relevant laws have poor definitions. Since the hotels likely must contract with ISPs to connect to the Internet, they are really no more of an ISP than I am when I host a LAN party. They need to define what backbone providers are, and then define ISPs as those companies that offer consumer access plans that make the connection from the consumer to the backbone provider.